Investors of several companies targeted by Chinese cyber attacks are none too pleased that they weren't informed of the hacks before the US filed criminal charges earlier this week. Alcoa Inc. and Allegheny Technologies Inc. both failed to alert investors after Chinese army hackers compromised their online systems and allegedly made off with trade secrets; the US has formally charged five Chinese individuals with economic espionage, trade secret theft, and conspiracy to commit computer fraud, among other charges. Investors feel they have a right to know about such intrusions without delay since attacks can quickly send a company's stock price into a nosedive. Target's stock dropped 11 percent after the retailer experienced a massive breach last year that impacted millions of consumers.
However, as Bloomberg notes, federal securities laws don't yet mandate that companies disclose when they've been hacked. In 2011, the SEC issued guidance on the subject and advised businesses to report cyber attacks — just as they would any other event that poses a "specific and material risk" to investors. But there's no hard and fast rule, and investors are eager for more transparency about hacks, which can cost companies millions to guard against and far more to recover from.